rules:
- id: {{ check_id }}
  message: |
    Hardcoded secret used for Passport Strategy.
    This is a Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html
    Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables: process.env.SECRET)
  languages: [javascript]
  severity: ERROR
  pattern-either:
{%- for passport in passports %}
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        new $F({{ '{' }}{{ params[passport] }}: "..."}, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        var $P = {};
        ...
        $P.{{ params[passport] }} = "...";
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        var $P = {{ '{' }}{{ params[passport] }}: "..."};
        ...
        new $F($P, ...);
    - pattern:  |
        var $F = require("{{ passport }}").Strategy;
        ...
        var $S = "...";
        ...
        new $F({{ '{' }}{{ params[passport] }}: $S}, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        var $S = "...";
        ...
        var $P = {};
        ...
        $P.{{ params[passport] }} = $S;
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        var $S = "...";
        ...
        var $P = {{ '{' }}{{ params[passport] }}: $S};
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        $P = {};
        ...
        $P.{{ params[passport] }} = "...";
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        $P = {{ '{' }}{{ params[passport] }}: "..."};
        ...
        new $F($P, ...);
    - pattern:  |
        var $F = require("{{ passport }}").Strategy;
        ...
        $S = "...";
        ...
        new $F({{ '{' }}{{ params[passport] }}: $S}, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        $S = "...";
        ...
        var $P = {};
        ...
        $P.{{ params[passport] }} = $S;
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        $S = "...";
        ...
        var $P = {{ '{' }}{{ params[passport] }}: $S};
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        $S = "...";
        ...
        $P = {};
        ...
        $P.{{ params[passport] }} = $S;
        ...
        new $F($P, ...);
    - pattern: |
        var $F = require("{{ passport }}").Strategy;
        ...
        $S = "...";
        ...
        $P = {{ '{' }}{{ params[passport] }}: $S};
        ...
        new $F($P, ...);
{%- endfor -%}